Skip to main content
CVE-2021-21861 HIGH POC This Week

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21860 HIGH POC This Week

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21859 HIGH POC This Week

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-32826 HIGH POC This Week

Proxyee-Down is open source proxy software. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Proxyee Down
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-38758 HIGH POC This Week

Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Online Catering Reservation System
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-35392 HIGH POC PATCH THREAT This Week

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Rtl819X Jungle Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
83.2%
CVE-2021-33193 HIGH POC PATCH THREAT This Week

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.4.17 to 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Authentication Bypass Debian Linux Http Server Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
46.2%
CVE-2021-23423 HIGH POC PATCH This Week

This affects the package bikeshed before 3.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Bikeshed
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38712 HIGH POC This Week

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Onenav
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-37711 HIGH PATCH This Week

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36281 HIGH PATCH This Week

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Dell Privilege Escalation Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-36279 HIGH PATCH This Week

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38608 HIGH This Week

Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Wapt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-23422 HIGH PATCH This Week

This affects the package bikeshed before 3.0.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Bikeshed
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-3708 HIGH This Week

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 2750U Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
24.6%
CVE-2021-37707 HIGH PATCH This Week

Shopware is an open source eCommerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-22940 HIGH PATCH This Week

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption Use After Free Node.js +7
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2021-22932 HIGH This Week

An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-38711 HIGH PATCH This Week

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Gitit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-22938 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-22937 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
7.8%
CVE-2021-22935 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-22934 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
4.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy